WordPress Brute Force Attacks: Should You Be Worried?

I had already written a new post about the importance of WordPress maintenance when I started reading reports about WordPress websites being the target of a massive brute force attack. The fact that the attack is being reported as larger than usual and claiming the attack is being carried out by a botnet with over 90,000 IP addresses just sounds scary. But there is absolutely no reason for mass hysteria regarding WordPress installations, and here’s why.

I’ve written here before about using unique usernames and passwords, so if you’ve taken my advice, you’re already protected from 99% of all brute force attacks. If you haven’t, log into your dashboard and create a new user with a secure username and password. (See my prior post for tips for secure usernames and passwords) Then once you’ve created the new user with administrator privileges, log into your dashboard with it and delete the admin user.

Not sure what I meant by unsafe passwords? Here is an example of some popular but very unsafe passwords: